Adding win8/ and chrome_frame/ to _CheckForString16() whitelist.
[chromium-blink-merge.git] / chrome_elf / blacklist / blacklist_interceptions.cc
blobf1e5b304c175caebeea809469b83a31aa5a2c6aa
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // Implementation of NtMapViewOfSection intercept for 32 bit builds.
6 //
7 // TODO(robertshield): Implement the 64 bit intercept.
9 #include "chrome_elf/blacklist/blacklist_interceptions.h"
11 #include <string>
12 #include <vector>
14 // Note that only #includes from base that are either header-only or built into
15 // base_static (see base/base.gyp) are allowed here.
16 #include "base/basictypes.h"
17 #include "base/strings/string16.h"
18 #include "base/win/pe_image.h"
19 #include "chrome_elf/blacklist/blacklist.h"
20 #include "sandbox/win/src/internal_types.h"
21 #include "sandbox/win/src/nt_internals.h"
22 #include "sandbox/win/src/sandbox_nt_util.h"
23 #include "sandbox/win/src/sandbox_types.h"
25 namespace {
27 NtQuerySectionFunction g_nt_query_section_func = NULL;
28 NtQueryVirtualMemoryFunction g_nt_query_virtual_memory_func = NULL;
29 NtUnmapViewOfSectionFunction g_nt_unmap_view_of_section_func = NULL;
31 // TODO(robertshield): Merge with ntdll exports cache.
32 FARPROC GetNtDllExportByName(const char* export_name) {
33 HMODULE ntdll = ::GetModuleHandle(sandbox::kNtdllName);
34 return ::GetProcAddress(ntdll, export_name);
37 bool DllMatch(const base::string16& module_name) {
38 for (int i = 0; i < blacklist::g_troublesome_dlls_cur_index; ++i) {
39 if (module_name == blacklist::g_troublesome_dlls[i])
40 return true;
42 return false;
45 // TODO(robertshield): Some of the helper functions below overlap somewhat with
46 // code in sandbox_nt_util.cc. See if they can be unified.
48 // Native reimplementation of PSAPIs GetMappedFileName.
49 base::string16 GetBackingModuleFilePath(PVOID address) {
50 DCHECK_NT(g_nt_query_virtual_memory_func);
52 // We'll start with something close to max_path characters for the name.
53 ULONG buffer_bytes = MAX_PATH * 2;
54 std::vector<BYTE> buffer_data(buffer_bytes);
56 for (;;) {
57 MEMORY_SECTION_NAME* section_name =
58 reinterpret_cast<MEMORY_SECTION_NAME*>(&buffer_data[0]);
60 if (!section_name)
61 break;
63 ULONG returned_bytes;
64 NTSTATUS ret = g_nt_query_virtual_memory_func(
65 NtCurrentProcess, address, MemorySectionName, section_name,
66 buffer_bytes, &returned_bytes);
68 if (STATUS_BUFFER_OVERFLOW == ret) {
69 // Retry the call with the given buffer size.
70 buffer_bytes = returned_bytes + 1;
71 buffer_data.resize(buffer_bytes);
72 section_name = NULL;
73 continue;
75 if (!NT_SUCCESS(ret))
76 break;
78 UNICODE_STRING* section_string =
79 reinterpret_cast<UNICODE_STRING*>(section_name);
80 return base::string16(section_string->Buffer,
81 section_string->Length / sizeof(wchar_t));
84 return base::string16();
87 bool IsModuleValidImageSection(HANDLE section,
88 PVOID *base,
89 PLARGE_INTEGER offset,
90 PSIZE_T view_size) {
91 DCHECK_NT(g_nt_query_section_func);
93 if (!section || !base || !view_size || offset)
94 return false;
96 SECTION_BASIC_INFORMATION basic_info;
97 SIZE_T bytes_returned;
98 NTSTATUS ret = g_nt_query_section_func(section, SectionBasicInformation,
99 &basic_info, sizeof(basic_info),
100 &bytes_returned);
102 if (!NT_SUCCESS(ret) || sizeof(basic_info) != bytes_returned)
103 return false;
105 if (!(basic_info.Attributes & SEC_IMAGE))
106 return false;
108 return true;
111 base::string16 ExtractLoadedModuleName(const base::string16& module_path) {
112 if (module_path.empty() || module_path[module_path.size() - 1] == L'\\')
113 return base::string16();
115 size_t sep = module_path.find_last_of(L'\\');
116 if (sep == base::string16::npos)
117 return module_path;
118 else
119 return module_path.substr(sep+1);
122 // Fills |out_name| with the image name from the given |pe| image and |flags|
123 // with additional info about the image.
124 void SafeGetImageInfo(const base::win::PEImage& pe,
125 std::string* out_name,
126 uint32* flags) {
127 out_name->clear();
128 out_name->reserve(MAX_PATH);
129 *flags = 0;
130 __try {
131 if (pe.VerifyMagic()) {
132 *flags |= sandbox::MODULE_IS_PE_IMAGE;
134 PIMAGE_EXPORT_DIRECTORY exports = pe.GetExportDirectory();
135 if (exports) {
136 const char* image_name = reinterpret_cast<const char*>(
137 pe.RVAToAddr(exports->Name));
138 size_t i = 0;
139 for (; i < MAX_PATH && *image_name; ++i, ++image_name)
140 out_name->push_back(*image_name);
143 PIMAGE_NT_HEADERS headers = pe.GetNTHeaders();
144 if (headers) {
145 if (headers->OptionalHeader.AddressOfEntryPoint)
146 *flags |= sandbox::MODULE_HAS_ENTRY_POINT;
147 if (headers->OptionalHeader.SizeOfCode)
148 *flags |= sandbox::MODULE_HAS_CODE;
151 } __except(GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION ?
152 EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH) {
153 out_name->clear();
157 base::string16 GetImageInfoFromLoadedModule(HMODULE module, uint32* flags) {
158 std::string out_name;
159 base::win::PEImage pe(module);
160 SafeGetImageInfo(pe, &out_name, flags);
161 return base::string16(out_name.begin(), out_name.end());
164 } // namespace
166 namespace blacklist {
168 bool InitializeInterceptImports() {
169 g_nt_query_section_func = reinterpret_cast<NtQuerySectionFunction>(
170 GetNtDllExportByName("NtQuerySection"));
171 g_nt_query_virtual_memory_func =
172 reinterpret_cast<NtQueryVirtualMemoryFunction>(
173 GetNtDllExportByName("NtQueryVirtualMemory"));
174 g_nt_unmap_view_of_section_func =
175 reinterpret_cast<NtUnmapViewOfSectionFunction>(
176 GetNtDllExportByName("NtUnmapViewOfSection"));
178 return g_nt_query_section_func && g_nt_query_virtual_memory_func &&
179 g_nt_unmap_view_of_section_func;
182 SANDBOX_INTERCEPT NTSTATUS WINAPI BlNtMapViewOfSection(
183 NtMapViewOfSectionFunction orig_MapViewOfSection,
184 HANDLE section,
185 HANDLE process,
186 PVOID *base,
187 ULONG_PTR zero_bits,
188 SIZE_T commit_size,
189 PLARGE_INTEGER offset,
190 PSIZE_T view_size,
191 SECTION_INHERIT inherit,
192 ULONG allocation_type,
193 ULONG protect) {
194 NTSTATUS ret = orig_MapViewOfSection(section, process, base, zero_bits,
195 commit_size, offset, view_size, inherit,
196 allocation_type, protect);
198 if (!NT_SUCCESS(ret) || !sandbox::IsSameProcess(process) ||
199 !IsModuleValidImageSection(section, base, offset, view_size)) {
200 return ret;
203 HMODULE module = reinterpret_cast<HMODULE>(*base);
204 if (module) {
205 UINT image_flags;
207 base::string16 module_name(GetImageInfoFromLoadedModule(
208 reinterpret_cast<HMODULE>(*base), &image_flags));
209 base::string16 file_name(GetBackingModuleFilePath(*base));
211 if (module_name.empty() && (image_flags & sandbox::MODULE_HAS_CODE)) {
212 // If the module has no exports we retrieve the module name from the
213 // full path of the mapped section.
214 module_name = ExtractLoadedModuleName(file_name);
217 if (!module_name.empty() && DllMatch(module_name)) {
218 DCHECK_NT(g_nt_unmap_view_of_section_func);
219 g_nt_unmap_view_of_section_func(process, *base);
220 ret = STATUS_UNSUCCESSFUL;
224 return ret;
227 } // namespace blacklist